[CLSA-2026:1778162013] Fix CVE(s): CVE-2026-21710
Type: security
Severity: Important
Release date: 2026-05-07 13:53:39 UTC
Description:
* SECURITY UPDATE: HTTP server crash on __proto__ header
  - debian/patches/CVE-2026-21710.patch: initialise the headersDistinct and trailersDistinct destination maps with { __proto__: null } so that a __proto__ request header no longer resolves to Object.prototype and causes an uncaught TypeError when req.headersDistinct or req.trailersDistinct is accessed
  - CVE-2026-21710
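
The mechanism in the description above, as an added example that is not part of the advisory or of the Node.js patch: a simplified model of a map that groups header values by name, run once with a plain object and once with a null-prototype object as the destination. The function names and the sample headers are constructed for illustration.

```javascript
// Added illustration: a simplified model of a "distinct headers" map,
// not Node.js source. Function names and sample data are constructed.

// Group raw [name, value, name, value, ...] pairs into name -> [values].
function collectDistinct(rawHeaders, dest) {
  for (let i = 0; i + 1 < rawHeaders.length; i += 2) {
    const name = rawHeaders[i].toLowerCase();
    const value = rawHeaders[i + 1];
    if (!dest[name]) {
      dest[name] = [value];     // first occurrence of this header name
    } else {
      dest[name].push(value);   // assumes an array is already stored here
    }
  }
  return dest;
}

// Pre-patch shape: an ordinary object inherits from Object.prototype, so
// dest['__proto__'] reads the inherited accessor and is already truthy.
function collectUnpatched(rawHeaders) {
  return collectDistinct(rawHeaders, {});
}

// Patched shape: a null-prototype map has no inherited keys, so
// '__proto__' behaves like any other header name.
function collectPatched(rawHeaders) {
  return collectDistinct(rawHeaders, { __proto__: null });
}

// Constructed sample request headers.
const sampleHeaders = [
  'Host', 'example.test',
  'Accept', 'text/html',
  'Accept', 'application/json',
  '__proto__', 'x',
];

// Run both variants and report what each one does with the sample.
function demo() {
  let unpatchedError = null;
  try {
    collectUnpatched(sampleHeaders);
  } catch (err) {
    unpatchedError = err;       // TypeError: push is not a function
  }
  return { unpatchedError, patched: collectPatched(sampleHeaders) };
}
```

The same null-prototype initialisation applies to any application-level map keyed by request-controlled names.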
Updated packages:
  • alt-nodejs18-docs_18.20.8-9_amd64.deb
    sha:f9718e9cc3b8092047212108728b97507ae79c03
  • alt-nodejs18-nodejs_18.20.8-9_amd64.deb
    sha:96048eddae0f527d44eb25e0de5e34dc269fa524
  • alt-nodejs18-nodejs-devel_18.20.8-9_amd64.deb
    sha:102878768706aa5105da5ea13d2231f5f8b88c39
  • alt-nodejs18-npm_10.8.2-18.20.8.6_amd64.deb
    sha:8d97642f44c953af59702554bd0e5e5e59452bea
  • alt-nodejs18-docs_18.20.8-9_arm64.deb
    sha:fd151da2ddaf07d76da70fb99bc2829f5171d91d
  • alt-nodejs18-nodejs_18.20.8-9_arm64.deb
    sha:ea94f84560e25d9e58aa6b99da031a840c7f1a58
  • alt-nodejs18-nodejs-devel_18.20.8-9_arm64.deb
    sha:7e452dc5e18c53345011d88bbbb1fc56c74c5241
  • alt-nodejs18-npm_10.8.2-18.20.8.6_arm64.deb
    sha:3aa83be7bd1b9ed08e087dd2115fdc93702702b9
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.